Credit: TEDx Foggy Bottom
With the goal of harnessing the untapped potential of Iranian-Americans, and to build the capacity of the Iranian diaspora in effecting positive change in the U.S. and around the world, the West Asia Council has launched a series of interviews that explore the personal and professional backgrounds of prominent Iranian-Americans who have made seminal contributions to their fields of endeavour. Our latest interviewee is Niloofar Razi Howe.
Niloofar Razi Howe has been a venture capitalist, an entrepreneur and an operator in the technology industry for the past 25 years, with a focus on the security market for the past 12 years. Currently she is the Chief Strategy Officer at RSA, one of the largest cyber security companies in the world as well as a strategic advisor to Paladin Capital Group, a private equity fund based in Washington D.C. Her non-profit work includes serving on the board of IREX, an organization focused on building a just, prosperous and inclusive world by cultivating leaders, strengthening institutions, and extending access to quality education and information, as well as serving on the board of Sibley Memorial Hospital, a member of Johns Hopkins Medicine. Niloofar is a graduate of Columbia College and Harvard Law School. For more details, please click (here).
Tell our readers where you grew up and walk us through your background. How did your family and surroundings influence you in your formative years?
I recently gave a TEDx talk on this topic. At the age of 10, my country, Iran, went through a theocratic revolution, making it impossible for my family to stay there safely. Like many Iranians, we left for the safety of the West, first to England, where I was placed in an English boarding school until my parents could figure out what the future held for us. During the course of the year, it became increasingly clear that going back to Iran would not be an option, and so my parents decided to move to the United Sates and ultimately settle down in Los Angeles. Over the course of a year as a ten- and eleven-year-old, I adapted from life in the comfort of my beloved Iran and the normal routines you would expect of a close-knit family, to life in an English boarding school, and finally, to life in beautiful California. Going through these childhood experiences, I learned to adapt and be resilient. I learned not to fall victim to the 'status quo bias' but rather to embrace change as an experience that can be positively transformative even when it's hard and even when it's scary. And most importantly, I learned that there is a difference between failing and being a failure. I learned that the only failure is in not taking chances and learning from our experiences.
Admiral Grace Hopper famously said, "The most dangerous phrase in the English language is, 'we've always done it this way.'" As a result of my childhood experiences, my mindset is to always question how things are done and to probe whether there is a better, more effective way to accomplish our goals.
What are the key factors that have made you become a successful manager and entrepreneur in two male dominated industries; venture capital and cybersecurity?
As a result of being uprooted as a child I had to learn to adapt quickly to environments very different than what I had known, and to live with people whose perspectives, language, and culture was very different from mine. This has enabled me to work in industries and with people whose mindset, background, and experience is very different from mine. And rather than resisting or fearing this diversity, I've come to understand it, and not only learn to function effectively in it, but more importantly find ways to leverage that diversity into better outcomes. Now there are unique challenges that come with being the 'odd man out' so to speak. I have a particular life philosophy that has enabled me to cope with those challenges.
I love skiing-I came to love the sport while skiing the amazing mountains outside of Tehran. I especially enjoy tree skiing and when you do that you can either focus on the trees or the path through the trees. Now your skis go where your eyes focus- so if you focus on the trees, you'll end up wrapped around one, but if you focus on the path you will make it through.
My professional focus has always been on the path, and not on the obstacles. So while working in male dominated industries does have a unique set of challenges beyond the typical professional challenges everyone faces, overcoming them is no different--know what the obstacles in front of you are, and stay focused on the path through.
Can you talk a little about your role at RSA? You lead the overall RSA corporate strategy, corporate development, and planning. How has your security investment insight and management experience helped RSA's vision thus far?
We have an amazing team at RSA--people who are the best at what they do and true visionaries in the security space. I am lucky to be working at a company with such a deep bench of talent. My primary responsibility is working closely with the rest of the executive team to ensure that we have a laser focus on our longer-term strategic objectives and that all of our activities align with where we want to take our business over the next 2 to 5 years. I call this our corporate roadmap. The goal of corporate development and planning is to lay out a path for succeeding along our corporate roadmap and achieving our corporate objectives. This includes whether and how we build, buy, or partner with other companies to reach them. Prior to coming to RSA, I spent 12 years in the security industry both as an operator at Endgame, where I also had the privilege of working with an incredibly talented team, and as a partner at a private equity fund, Paladin Capital Group, where I also worked with a diverse and accomplished group of professionals, including the former head of the NSA, the former head of CIA, and the former Deputy Director of DARPA. I am excited to bring that knowledge base and experience as well as the network of people I know to RSA, a company that plays a unique role in the cyber security industry with its resources, scale and comprehensive suite of products across multiple markets.
Can you tell us the significant trends in cybersecurity and how companies can deal with them?
I believe cybersecurity professionals are trying to solve one of the hardest problems enterprises face today.
Almost 70% of organizations report that they have been compromised by a successful cyber breach in the past 12 months. A good portion of the rest simply aren't capable of detecting their breaches. Security incidents are growing by 66% each year and 56% of companies say that it's unlikely or highly unlikely that they would be able to detect a sophisticated attack. RSA's own research shows that 90% of organizations are not satisfied with how quickly they are able to detect and investigate attacks.
We are dealing with focused, sentient adversaries who are patient, persistent, creative, and yet also unconstrained by laws, policy, and regulation. They have an increasingly broad set of sophisticated tools at their disposal. Additionally, they have an asymmetric advantage in that they need only be correct once to get in, while defenders have to be right every time in order to stop them. Modern IT (mobile, cloud) has further complicated the situation for defenders in that they have a much more diversified, broader attack surface to defend. Consequently, they will continue their attacks until they are successful with little fear of attribution and therefore deterrent action. Our adversaries are moving and evolving at a tremendous rate, and we need to as well.
To be effective, we need a perspective that leverages new levels of visibility from analytics and detection methodologies that can provide certainty around what's really happening in our environments and give security operators the speed to insight so they can take the right actions.
The core of this new perspective on cybersecurity is the need to provide better, more comprehensive insights than legacy tools and systems can provide.
This is about:
•Comprehensive and accurate visibility, analytics and detection capabilities
•Resulting in faster time to insight and time to action
•And, a better ability to link security operations and strategy with business priorities
This new perspectives must be informed by the business context around IT security issues and what matters to an organization. CEOs and Boards care less about the cause of a breach than the overall impact it has on the business. They care about concerns such as: Is business continuity affected? What about intellectual property? What are the regulatory compliance implications? We need to unite the details of security with the language of business.
This new perspective, what we at RSA call business-driven security, is the new path forward and the next generation of cybersecurity solutions - ones that RSA and other innovative vendors are developing, need to move our industry forward strengthened with this better, more complete perspective.
What sorts of threats nowadays can contribute to the vulnerability of businesses and organizations to cyberattack?
One of the biggest threats enterprises face today is the rapidly changing technology landscape. Today's modern computing environments leverage mobile platforms with an expectation that we will have 50B connected devices by 2020, cloud-based services, integrated digital supply chains, dynamic employee and partner relationships, and new threat vectors with the adoption of BYOD and IoT. The rapid convergence of these technology trends coupled with changing work styles of employees has made it increasingly difficult for enterprises to defend themselves.
What is the biggest challenge that you face in your career?
Recruiting, retaining, motivating, and managing talented individuals is always challenging. We live in a talent economy where people can easily move from company to company and from industry to industry. Finding the right people who will thrive in their role and in the company, recruiting them, onboarding them properly so that they are set up to succeed and love their job and the company from day one, and then empowering them for long-term success over the course of their career is a hard challenge. However, when done right, it is incredibly gratifying.
I wanted to ask about your thoughts on your Iranian-American identity. What does it mean to be an Iranian- American to you?
Being Iranian-American means that at times I am too American for my parents and at times too Iranian for my children. It also means that I have spent the past three decades trying to bring the best of these cultures and traditions together in my personal life. My children bang pots throughout the neighborhood and jump over fire to celebrate Nowruz, the Iranian New Year, every spring. And my parents celebrate Fourth of July in full stars and stripes regalia. It's not perfect-- my parents and I still fight over tah dig, the burnt rice at the bottom of the pot, as a sumptuous delicacy while my children view tah dig as the burnt remains of an overcooked meal- it's not perfect, but we have made it work.
And it works because while our traditions might be different, the Iranian heritage is one of culture, intellect, justice, compassion and a deep respect for human rights. Historically, and by historically I mean over several millennia, Iran has been an inclusive and tolerant society. This culture, mindset and belief system, which is deeply ingrained in me also represents a set of values shared not just by Iranians, but also by Americans. So while our language is different, our traditions are different, and there are certainly differences in social norms, as human beings Iranians and Americans share many of the same core values.
There are some amazing writers like Jhumpa Lahiri and Chimamanda Ngozi Adichie who have addressed the challenges of assimilation and inherent culture clashes of immigrants with their remarkable novels, and often with a sense of humor around some very difficult topics with their remarkable novels. I hope people read these novels as a way to understand the immigrant experience. When it comes down to it, our industry, and our country will be stronger if we remain diverse and open to new perspectives, if we continue welcoming people from different backgrounds and experiences into our society.